public void Test_AddAllowReadQuery_NameQuery()
{
using (DatabaseContext.GetContext(true))
{
EntityType securableEntityType1;
IEntity entity1A;
IEntity entity1Z;
Subject subject;
Report report;
IDictionary <long, bool> result;
securableEntityType1 = Entity.Create <EntityType>();
securableEntityType1.Inherits.Add(Entity.Get <EntityType>("core:resource"));
securableEntityType1.Save();
entity1A = Entity.Create(new EntityRef(securableEntityType1.Id));
entity1A.SetField("core:name", "A");
entity1A.Save();
entity1Z = Entity.Create(new EntityRef(securableEntityType1.Id));
entity1Z.SetField("core:name", "Z");
entity1Z.Save();
subject = Entity.Create <UserAccount>().As <Subject>();
subject.Save();
report = TestQueries.EntitiesWithNameA().ToReport();
new AccessRuleFactory().AddAllowReadQuery(subject, securableEntityType1.As <SecurableEntity>(), report);
result = new EntityAccessControlChecker().CheckAccess(
new[] { new EntityRef(entity1A.Id), new EntityRef(entity1Z.Id) },
new[] { Permissions.Read },
subject);
Assert.That(result, Has.Property("Count").EqualTo(2));
Assert.That(result, Has.Exactly(1).Property("Key").EqualTo(entity1A.Id).And.Property("Value").True);
Assert.That(result, Has.Exactly(1).Property("Key").EqualTo(entity1Z.Id).And.Property("Value").False);
}
}
public void TestTempDeletedChildItemIgnored( )
{
var svc = new EntityInfoService( );
EntityRef orgRef = null;
try
{
var o = new Report
{
Name = "org rpt",
Alias = "shared:a" + Guid.NewGuid( )
};
var b = new ReportColumn
{
Name = "bob",
Alias = "shared:a" + Guid.NewGuid( ),
ColumnForReport = o
};
EntityData result = svc.GetEntityData(b, EntityRequestHelper.BuildRequest("name, columnForReport.name"));
result.Relationships[0].Instances[0].DataState = DataState.Delete;
orgRef = svc.CreateEntity(result);
}
finally
{
if (orgRef != null)
{
Entity.Delete(orgRef);
}
}
}
public void Test_GetQueries_NullPermission( )
{
Role testSubject;
EntityType testSecurableEntityType;
IEnumerable <AccessRuleQuery> result;
AccessRule accessRule;
Report report;
QueryRepository queryRepository;
using (DatabaseContext.GetContext(true))
{
testSecurableEntityType = Entity.Create <EntityType>( );
testSecurableEntityType.Save( );
report = TestQueries.Entities( ).ToReport( );
report.Save( );
accessRule = Entity.Create <AccessRule>( );
accessRule.AccessRuleEnabled = true;
accessRule.PermissionAccess.Add(Entity.Get <Permission>(Permissions.Read));
accessRule.ControlAccess = testSecurableEntityType.As <SecurableEntity>( );
accessRule.AccessRuleReport = report;
accessRule.Save( );
testSubject = Entity.Create <Role>( );
testSubject.AllowAccess.Add(accessRule.As <AccessRule>( ));
testSubject.Save( );
queryRepository = new QueryRepository( );
result = new List <AccessRuleQuery>(queryRepository.GetQueries(testSubject.Id,
null, new [] { testSecurableEntityType.Id }));
Assert.That(result, Is.Not.Empty);
}
}
public void Test_AddAllowCreate_AllowMultipleCreate()
{
EntityType[] securableEntityTypes;
const int numTypes = 5;
Subject subject;
IDictionary <long, bool> result;
IEntity[] entities;
subject = Entity.Create <UserAccount>().As <Subject>();
subject.Save();
securableEntityTypes = new EntityType[numTypes];
for (int i = 0; i < numTypes; i++)
{
securableEntityTypes[i] = Entity.Create <EntityType>();
securableEntityTypes[i].Inherits.Add(Entity.Get <EntityType>("core:resource"));
securableEntityTypes[i].Save();
new AccessRuleFactory().AddAllowCreate(subject, securableEntityTypes[i].As <SecurableEntity>());
}
entities = new IEntity[numTypes];
for (int i = 0; i < numTypes; i++)
{
entities[i] = Entity.Create(securableEntityTypes[i]);
}
result = new EntityAccessControlChecker().CheckAccess(entities.Select(x => new EntityRef(x)).ToList(),
new[] { Permissions.Create }, subject);
Assert.That(result, Has.Count.EqualTo(numTypes));
Assert.That(result.Keys, Is.EquivalentTo(entities.Select(x => x.Id)));
Assert.That(result.Values, Has.All.True);
}
public void Test_GetQueries_NullSecurableEntityType()
{
Role testSubject;
EntityType testSecurableEntityType;
AccessRule accessRule;
SecurableEntity securableEntityType;
ICollection <AccessRule> result;
IEntityRepository entityRepository = Factory.EntityRepository;
using (DatabaseContext.GetContext(true))
{
securableEntityType = Entity.Create <EntityType>( ).As <SecurableEntity>( );
securableEntityType.Save( );
accessRule = Entity.Create <AccessRule>( );
accessRule.AccessRuleEnabled = true;
accessRule.PermissionAccess.Add(Permissions.Read.Entity.As <Permission>( ));
accessRule.Save( );
testSubject = Entity.Create <Role>( );
testSubject.AllowAccess.Add(accessRule.As <AccessRule>( ));
testSubject.Save();
testSecurableEntityType = Entity.Create <EntityType>();
testSecurableEntityType.Save();
result = null;
Assert.That(() => result = new RuleRepository(entityRepository).GetAccessRules(testSubject.Id, Permissions.Read, null),
Throws.Nothing);
Assert.That(result, Is.Not.Null);
Assert.That(result, Has.Count.EqualTo(1));
Assert.That(result.First( ).Id, Is.EqualTo(accessRule.Id));
}
}
public void Test_CheckAccess_SecurityBypassContext()
{
EntityRef[] entityIds;
IDictionary <long, bool> result;
UserAccount userAccount;
EntityAccessControlChecker entityAccessControlChecker;
MockRepository mockRepository;
entityIds = new EntityRef[] { 1, 2, 3 };
mockRepository = new MockRepository(MockBehavior.Strict);
entityAccessControlChecker = new EntityAccessControlChecker(
mockRepository.Create <IUserRoleRepository>().Object,
mockRepository.Create <IQueryRepository>().Object,
mockRepository.Create <IEntityTypeRepository>().Object
);
userAccount = Entity.Create <UserAccount>();
userAccount.Save();
using (new SecurityBypassContext())
{
result = entityAccessControlChecker.CheckAccess(entityIds,
new[] { Permissions.Read },
userAccount);
}
Assert.That(result, Has.Count.EqualTo(entityIds.Count()));
Assert.That(result, Has.All.Property("Value").True);
mockRepository.VerifyAll();
}
private void CreateAccessRules(IAccessRuleFactory accessRuleFactory, IAccessRuleReportFactory accessRuleReportFactory,
Subject subject, IList <string> typeNames, IList <EntityRef> permissions, string aliasTemplate,
Solution solution = null)
{
AccessRule accessRule;
foreach (string typeName in typeNames)
{
SecurableEntity targetType = Entity.Get <SecurableEntity>(typeName);
Assert.That(targetType, Is.Not.Null,
string.Format("Type {0} does not exist", typeName));
accessRule = accessRuleFactory.AddAllowByQuery(
subject,
targetType,
permissions,
accessRuleReportFactory.GetDisplayReportForSecurableEntity(targetType));
accessRule = accessRule.AsWritable <AccessRule>();
accessRule.Alias = string.Format(aliasTemplate, new EntityRef(typeName).Alias);
accessRule.AccessRuleHidden = true;
if (solution != null)
{
accessRule.InSolution = solution;
}
accessRule.Save();
Console.WriteLine("Create access rule {0} {1}", accessRule.Alias, accessRule.Id);
}
}
/// <summary>
/// Creates an action menu item.
/// </summary>
/// <typeparam name="T">The action menu item implementation.</typeparam>
/// <param name="name">The name of the menu item.</param>
/// <param name="emptySelectName">The name to show when selection is empty.</param>
/// <param name="multiSelectName">The name to show when there are multiple selections.</param>
/// <param name="order">The ordinal of the menu item.</param>
/// <param name="isMenu">True if the menu item has been or is to be included in the menu.</param>
/// <param name="isContextMenu">True if the menu item shows on right click.</param>
/// <param name="isButton">True if the menu item renders as a button.</param>
/// <param name="isSeperator">True if this is just a separator for other items.</param>
/// <param name="isSystem">True if this is a system reserved action menu item.</param>
/// <param name="singleSelect">True if this menu item applies to single selection.</param>
/// <param name="multiSelect">True if this menu item applies to multi selection.</param>
/// <param name="requiredPermissions">Any permission required by this item to appear.</param>
/// <param name="method">The method string indicating item behavior.</param>
/// <param name="state">The state information modifying behaviour of the method above.</param>
/// <param name="target">Optional specific information about the target this item should apply to.</param>
/// <returns>The created action menu item entity.</returns>
public static T CreateActionItem <T>(string name, string emptySelectName, string multiSelectName, int?order,
bool isMenu, bool isContextMenu, bool isButton, bool isSeperator, bool isSystem,
bool singleSelect, bool multiSelect, string[] requiredPermissions,
string method, string state, string target) where T : ActionMenuItem
{
var action = Entity.Create <T>();
action.Name = name;
action.EmptySelectName = emptySelectName;
action.MultiSelectName = multiSelectName;
action.MenuOrder = order;
action.IsActionItem = isMenu;
action.IsContextMenu = isContextMenu;
action.IsActionButton = isButton;
action.IsMenuSeparator = isSeperator;
action.IsSystem = isSystem;
action.AppliesToSelection = singleSelect;
action.AppliesToMultiSelection = multiSelect;
action.HtmlActionMethod = method;
action.HtmlActionState = state;
action.HtmlActionTarget = target;
foreach (var p in requiredPermissions)
{
action.ActionRequiresPermission.Add(Entity.Get <Permission>(p));
}
return(action);
}
public void SelfServeReportGrant( )
{
IAccessRuleFactory accessRuleFactory;
IAccessRuleReportFactory accessRuleReportFactory;
Subject selfServeRole;
Solution coreDataSolution;
accessRuleReportFactory = new AccessRuleDisplayReportFactory( );
accessRuleFactory = new AccessRuleFactory( );
using (DatabaseContext databaseContext = DatabaseContext.GetContext(true))
using (new SecurityBypassContext( ))
{
selfServeRole = Entity.Get <Subject>("core:selfServeRole", true);
coreDataSolution = CodeNameResolver.GetInstance("ReadiNow Core Data", "Application").As <Solution>( );
// Allow the test to be rerun by re-enabling the allow all Administrators access rule
//EnableAdministratorAccessAllRule( );
// Create access rules
//DeleteAccessRules( ReportTypeNames, SelfServeCreateAccessRuleNameTemplate );
CreateAccessRules(
accessRuleFactory,
accessRuleReportFactory,
selfServeRole,
SelfServeTypeNames,
new [] { Permissions.Create },
"core:createSelfServeComponentsAccessRule",
coreDataSolution);
// Disable the "allow all" administrator access rule
//DisableAdministratorAccessAllRule( );
databaseContext.CommitTransaction( );
}
}
public void HideCoreEveryoneRoles()
{
IList <AccessRule> accessRules;
Solution consoleSolution;
using (DatabaseContext databaseContext = DatabaseContext.GetContext(true))
using (new SecurityBypassContext())
{
consoleSolution = Entity.Get <Solution>("core:consoleSolution");
accessRules = Entity.GetInstancesOfType <AccessRule>(false, "accessRuleHidden, allowAccess.{alias}, inSolution.{name}, controlAccess.{name}")
.ToList();
foreach (AccessRule accessRule in accessRules)
{
if (accessRule.AllowAccessBy.Alias == "core:everyoneRole" &&
accessRule.InSolution != null && accessRule.InSolution.Name == "ReadiNow Core Data")
{
AccessRule writeableAccessRule = accessRule.AsWritable <AccessRule>();
writeableAccessRule.AccessRuleHidden = true;
if (writeableAccessRule.InSolution == consoleSolution)
{
writeableAccessRule.InSolution = null;
}
Console.Out.WriteLine("Making access rule on type {0} hidden", writeableAccessRule.ControlAccess.Name);
writeableAccessRule.Save();
}
}
databaseContext.CommitTransaction();
}
}
public void GetQueriesAsDefaultTenant()
{
var factory = new SystemAccessRuleQueryFactory();
var queries = factory.GetQueries();
Assert.IsNotNull(queries, "The system access queries should not be null.");
Assert.AreNotEqual(0, queries.Count, "The count of system access queries should not be 0.");
using (new SecurityBypassContext())
{
// Verify the system rules
foreach (var kvp in queries)
{
var subjectPermission = kvp.Key;
var accessRuleQueries = kvp.Value;
Assert.IsNotNull(Entity.Get <Subject>(subjectPermission.SubjectId), "The subject does not exist.");
Assert.IsNotNull(Entity.Get <Permission>(subjectPermission.PermissionId), "The permission does not exist.");
foreach (var accessRuleQuery in accessRuleQueries)
{
Assert.IsNotNull(Entity.Get <EntityType>(accessRuleQuery.ControlsAccessForTypeId), "The entity types does not exist.");
Assert.IsNotNull(accessRuleQuery.Query, "The query should not be null.");
QueryResult result = Factory.QueryRunner.ExecuteQuery(accessRuleQuery.Query, new QuerySettings()
{
SecureQuery = false
});
Assert.AreNotEqual(0, result.Columns.Count, "The number of columns is invalid");
Assert.IsTrue(result.Columns[0].ColumnType is IdentifierType, "The column type is invalid.");
}
}
}
}
public void Test_MaxCols_Returns_Grouped_Columns()
{
using (new SecurityBypassContext())
{
var report = Entity.GetByName <Report>("Temperature").First(r => r.InSolution != null && r.InSolution.Name == "Foster University");
ReportSettings settings = new ReportSettings
{
ColumnCount = 3,
RequireFullMetadata = true
};
var reportInterface = new ReportingInterface();
ReportResult result = reportInterface.RunReport(report.Id, settings);
Assert.That(result, Is.Not.Null);
Assert.That(result.GridData, Has.Count.GreaterThan(0));
Assert.That(result.GridData[0].Values, Has.Count.EqualTo(4));
Assert.That(result.Metadata.ReportColumns, Has.Count.EqualTo(4));
Assert.That(result.AggregateMetadata.Groups, Has.Count.EqualTo(1));
Assert.That(result.AggregateMetadata.Groups[0], Has.Count.EqualTo(1));
long groupColumnId = result.AggregateMetadata.Groups[0].Keys.First();
Assert.IsTrue(result.Metadata.ReportColumns.ContainsKey(groupColumnId.ToString(CultureInfo.InvariantCulture)));
}
}
public void TestReportsReportFiltersReportsAssignedToAccessRules( )
{
using (new SecurityBypassContext( ))
{
var reportsReport = Entity.Get <ReadiNow.Model.Report>("k:reportsReport");
var reportInterface = new ReportingInterface( );
ReportResult result = reportInterface.RunReport(reportsReport, null);
var errors = new StringBuilder( );
foreach (DataRow row in from row in result.GridData let report = Entity.Get <ReadiNow.Model.Report>(row.EntityId) where report != null where report.ReportForAccessRule != null select row)
{
if (errors.Length > 0)
{
errors.Append(",");
}
errors.AppendFormat("{0}", row.EntityId);
}
if (errors.Length > 0)
{
errors.Insert(0, "The following reports are assigned to access rules: ");
Assert.Fail(errors.ToString( ));
}
}
}
public void TestReportWithWriteOnlyField(bool isFieldWriteOnly)
{
try
{
var field = Entity.Get <Field>("test:afString", true);
field.IsFieldWriteOnly = isFieldWriteOnly;
field.Save();
IEnumerable <IEntity> reports = Entity.GetByName("AF_String");
var reportInterface = new ReportingInterface();
ReportResult result = reportInterface.RunReport(reports.First().Id, null);
if (isFieldWriteOnly)
{
Assert.IsTrue(result.GridData.All(d => string.IsNullOrEmpty(d.Values[1].Value)), "We should not have any values");
}
else
{
Assert.IsTrue(result.GridData.Any(d => !string.IsNullOrEmpty(d.Values[1].Value)), "We should have at least 1 value");
}
}
finally
{
CacheManager.ClearCaches();
}
}
public void FixCoreRules(string accessRuleName, string reportName, string newAccessRuleName, string newAlias, bool markAsNonReport)
{
// Note: you'll need to manually disable .ReadOnly checks (eg in code)
AccessRule rule;
//if ( accessRuleName == null )
//{
Report report = Entity.GetByName <Report>(reportName).Where(r => r.ReportForAccessRule != null && (r.ReportForAccessRule.Name == accessRuleName || r.ReportForAccessRule.Name == newAccessRuleName)).Single( );
rule = report.ReportForAccessRule.AsWritable <AccessRule>();
//}
//else
//{
// rule = Entity.GetByName<AccessRule>( accessRuleName ).SingleOrDefault( );
// if ( rule == null )
// throw new Exception( "Rule not found" );
//}
rule.Name = newAccessRuleName;
if (newAlias != null)
{
rule.Alias = newAlias;
}
if (markAsNonReport)
{
rule.AccessRuleIgnoreForReports = true;
Assert.That(rule.AccessRuleIgnoreForReports, Is.True);
}
long id = rule.Id;
rule.Save( );
}
/// <summary>
/// Creates an empty console behavior entity.
/// </summary>
/// <returns>The created console behavior entity.</returns>
public static ConsoleBehavior CreateBehavior()
{
var cb = Entity.Create <ConsoleBehavior>();
cb.BehaviorActionMenu = Entity.Create <ActionMenu>();
return(cb);
}
public void EntityGetMatches( )
{
// Test to load all instances of a particular entity type that have a field matching a particular value.
// Test data
// (Load all nav sections that have name='Home')
var type = new EntityRef("console", "navSection");
var field = new EntityRef("core", "name");
const string value = "Home";
// Create query
var query = new StructuredQuery
{
RootEntity = new ResourceEntity(type)
};
query.Conditions.Add(new QueryCondition
{
Expression = new ResourceDataColumn(query.RootEntity, field),
Operator = ConditionType.Equal,
Argument = new TypedValue(value)
});
// Get results
IEnumerable <NavSection> entities = Entity.GetMatches <NavSection>(query);
NavSection[] eArr = entities.ToArray( );
Assert.IsTrue(eArr.Count( ) == 1);
}
public void Test_GetQueries_SubjectWithAccessRuleButNoControl()
{
QueryRepository queryRepository;
SecurableEntity securableEntityType;
AccessRule accessRule;
Role subject;
ICollection <AccessRule> result;
IEntityRepository entityRepository = Factory.EntityRepository;
using (DatabaseContext.GetContext(true))
{
securableEntityType = Entity.Create <EntityType>().As <SecurableEntity>();
securableEntityType.Save();
accessRule = Entity.Create <AccessRule>();
accessRule.AccessRuleEnabled = true;
accessRule.PermissionAccess.Add(Permissions.Read.Entity.As <Permission>());
accessRule.Save();
subject = Entity.Create <Role>();
subject.AllowAccess.Add(accessRule.As <AccessRule>());
subject.Save();
queryRepository = new QueryRepository();
result = new RuleRepository(entityRepository).GetAccessRules(subject.Id, Permissions.Read, new [] { securableEntityType.Id });
Assert.That(result, Is.Not.Null);
Assert.That(result, Is.Empty);
}
}
public void EntityGetMatchesWithRelationship( )
{
var query = new StructuredQuery
{
RootEntity = new ResourceEntity(Field.Field_Type)
};
// Root query type is 'EntityType'
// Follow 'Fields' relationship
var relatedResource = new RelatedResource
{
RelationshipDirection = RelationshipDirection.Forward,
RelationshipTypeId = new EntityRef(Field.FieldIsOnType_Field.Id),
ResourceMustExist = false
};
query.RootEntity.RelatedEntities.Add(relatedResource);
query.Conditions.Add(new QueryCondition
{
Expression = new ResourceDataColumn(relatedResource, EntityType.Name_Field),
Operator = ConditionType.Equal,
Argument = new TypedValue("Person")
});
IEnumerable <Field> personFields = Entity.GetMatches <Field>(query);
Assert.IsTrue(personFields.Any( ));
}
public void Test_CheckAccess_NoEntities()
{
MockRepository mockRepository;
EntityAccessControlChecker entityAccessControlChecker;
Mock <IUserRoleRepository> roleRepository;
Mock <IQueryRepository> queryRepository;
Mock <IEntityTypeRepository> entityTypeRepository;
IDictionary <long, bool> result;
UserAccount userAccount;
userAccount = Entity.Get <UserAccount>(RequestContext.GetContext().Identity.Id);
mockRepository = new MockRepository(MockBehavior.Strict);
roleRepository = mockRepository.Create <IUserRoleRepository>();
queryRepository = mockRepository.Create <IQueryRepository>();
entityTypeRepository = mockRepository.Create <IEntityTypeRepository>();
entityAccessControlChecker = new EntityAccessControlChecker(roleRepository.Object,
queryRepository.Object,
entityTypeRepository.Object);
result = entityAccessControlChecker.CheckAccess(new Collection <EntityRef>(),
new[] { Permissions.Read },
userAccount);
mockRepository.VerifyAll();
Assert.That(result, Is.Empty);
}
public void EntityGetMatchesWithRelationship2( )
{
var stringField = Entity.Get <EntityType>(new EntityRef("core", "stringField"));
var fieldIsOnTypeRel = Entity.Get <Relationship>(new EntityRef("core", "fieldIsOnType"));
var query = new StructuredQuery
{
RootEntity = new ResourceEntity(stringField)
};
// Root query type is 'EntityType'
// Follow 'Fields' relationship
var relatedResource = new RelatedResource
{
RelationshipDirection = RelationshipDirection.Forward,
RelationshipTypeId = fieldIsOnTypeRel.Id,
ResourceMustExist = false
};
query.RootEntity.RelatedEntities.Add(relatedResource);
//// check the condition
query.Conditions.Add(new QueryCondition
{
Expression = new ResourceDataColumn(relatedResource, EntityType.Name_Field),
Operator = ConditionType.Equal,
Argument = new TypedValue("Person")
});
IEnumerable <Field> descriptionStringFields = Entity.GetMatches <Field>(query);
Assert.IsTrue(descriptionStringFields.Any( ), "There should be at least one person type");
}
public void Test_GetQueries_SubjectWithAccessRuleButNoPermissions()
{
QueryRepository queryRepository;
SecurableEntity securableEntityType;
AccessRule accessRule;
Role subject;
IEnumerable <AccessRuleQuery> result;
Report authReport;
using (DatabaseContext.GetContext(true))
{
securableEntityType = Entity.Create <EntityType>().As <SecurableEntity>();
securableEntityType.Save();
authReport = Entity.Create <Report>();
authReport.Save();
accessRule = Entity.Create <AccessRule>();
accessRule.AccessRuleEnabled = true;
accessRule.ControlAccess = securableEntityType;
accessRule.AccessRuleReport = authReport;
accessRule.Save();
subject = Entity.Create <Role>();
subject.AllowAccess.Add(accessRule.As <AccessRule>());
subject.Save();
queryRepository = new QueryRepository();
result = queryRepository.GetQueries(subject.Id, Permissions.Read, new[] { securableEntityType.Id });
Assert.That(result, Is.Not.Null);
Assert.That(result, Is.Empty);
}
}
/// <summary>
/// Given the <paramref name="subject"/> the specified access to <paramref name="securableEntity"/>.
/// </summary>
/// <param name="subject">
/// The subject (user or role). This cannot be null.
/// </param>
/// <param name="permissions">
/// The permission(s) to add. This cannot be null or contain null.
/// </param>
/// <param name="securableEntity">
/// The secured entity (type). This cannot be null.
/// </param>
/// <returns>
/// The <see cref="AccessRule"/> object representing the new query.
/// </returns>
/// <exception cref="ArgumentNullException">
/// No argument can be null.
/// </exception>
/// <exception cref="ArgumentException">
/// <paramref name="permissions"/> cannot contain null.
/// </exception>
public AccessRule AddAllow(Subject subject, IEnumerable <EntityRef> permissions, SecurableEntity securableEntity)
{
if (subject == null)
{
throw new ArgumentNullException("subject");
}
if (permissions == null)
{
throw new ArgumentNullException("permissions");
}
if (permissions.Contains(null))
{
throw new ArgumentException("Cannot contain null", "permissions");
}
if (securableEntity == null)
{
throw new ArgumentNullException("securableEntity");
}
AccessRule accessRule;
accessRule = Entity.Create <AccessRule>();
accessRule.Name = string.Format("'{0}' accessing '{1}'", subject.Name ?? string.Empty, securableEntity.Name ?? string.Empty);
accessRule.AccessRuleEnabled = true;
accessRule.PermissionAccess.AddRange(permissions.Select(x => x.Entity.As <Permission>()));
accessRule.ControlAccess = securableEntity;
accessRule.AllowAccessBy = subject;
accessRule.Save();
subject.Save();
return(accessRule);
}
private void Do_AddAllowXXXQuery_AllowSingleXXXAddTwice(EntityRef permission)
{
EntityType securableEntityType;
IEntity entity;
Subject subject;
List <EntityRef> permissions;
using (DatabaseContext.GetContext(true))
{
permissions = new List <EntityRef>()
{
permission
};
securableEntityType = Entity.Create <EntityType>();
securableEntityType.Inherits.Add(Entity.Get <EntityType>("core:resource"));
securableEntityType.Save();
entity = Entity.Create(new EntityRef(securableEntityType.Id));
entity.SetField("core:name", "Entity 1");
entity.Save();
subject = Entity.Create <UserAccount>().As <Subject>();
subject.Save();
new AccessRuleFactory().AddAllowByQuery(subject, securableEntityType.As <SecurableEntity>(), permissions, TestQueries.Entities().ToReport());
new AccessRuleFactory().AddAllowByQuery(subject, securableEntityType.As <SecurableEntity>(), permissions, TestQueries.Entities().ToReport());
Assert.That(new EntityAccessControlChecker().CheckAccess(new[] { new EntityRef(entity.Id) }, permissions, subject),
Has.Exactly(1).Property("Key").EqualTo(entity.Id).And.Property("Value").True);
Assert.That(subject.AllowAccess.Select(x => x.ControlAccess),
Has.Exactly(2).Property("Id").EqualTo(securableEntityType.Id));
Assert.That(subject.AllowAccess.Where(x => x.ControlAccess.Id == securableEntityType.Id).SelectMany(x => x.PermissionAccess),
Has.Exactly(2).Property("Id").EqualTo(permission.Id));
}
}
public void TestChangeType( )
{
// Note: refer to additional tests directly on Entity.ChangeType.
var svc = new EntityInfoService( );
IEntity e = null;
try
{
e = Entity.Create(new EntityRef("test:person"));
var ed = new EntityData
{
Id = e.Id
};
ed.TypeIds.Add(new EntityRef("test:manager"));
svc.UpdateEntityType(ed);
}
catch
{
if (e != null)
{
e.Delete( );
}
}
}
private void Do_AddAllowXXXQuery_AllowMultiple(Action <Subject, SecurableEntity> addAccess, ICollection <EntityRef> operations)
{
EntityType securableEntityType;
const int numEntities = 5;
Entity[] entities;
Subject subject;
IDictionary <long, bool> result;
using (DatabaseContext.GetContext(true))
{
securableEntityType = Entity.Create <EntityType>();
securableEntityType.Inherits.Add(Entity.Get <EntityType>("core:resource"));
securableEntityType.Save();
entities = new Entity[numEntities];
for (int i = 0; i < numEntities; i++)
{
entities[i] = Entity.Create(new EntityRef(securableEntityType.Id)).As <Entity>();
entities[i].Save();
}
subject = Entity.Create <UserAccount>().As <Subject>();
subject.Save();
addAccess(subject, securableEntityType.As <SecurableEntity>());
result = new EntityAccessControlChecker().CheckAccess(entities.Select(x => (EntityRef)x).ToList(),
operations.ToList(), subject);
for (int i = 0; i < numEntities; i++)
{
Assert.That(result,
Has.Exactly(1).Property("Key").EqualTo(entities[i].Id).And.Property("Value").True);
}
}
}
public void Test_CheckTypeAccess_SingleSpecificType(bool grant)
{
var entityType = Entity.Create <EntityType>();
entityType.Save();
var userAccount = Entity.Create <UserAccount>();
userAccount.Save();
IDictionary <SubjectPermissionTuple, IList <AccessRuleQuery> > rules = new Dictionary <SubjectPermissionTuple, IList <AccessRuleQuery> >();
if (grant)
{
rules.Add(new SubjectPermissionTuple(userAccount.Id, Permissions.Create.Id),
new List <AccessRuleQuery> {
new AccessRuleQuery(100, 101, entityType.Id, new StructuredQuery(), false)
});
}
var mockRepo = new MockRepository(MockBehavior.Strict);
var accessQueryFactoryMock = mockRepo.Create <IAccessRuleQueryFactory>();
accessQueryFactoryMock.Setup(f => f.GetQueries()).Returns(rules);
var checker = new SystemEntityAccessControlChecker(new UserRoleRepository(), new SystemAccessRuleQueryRepository(accessQueryFactoryMock.Object),
new EntityTypeRepository());
var entityTypes = new [] { entityType };
Assert.AreEqual(grant, checker.CheckTypeAccess(entityTypes, Permissions.Create, userAccount)[entityType.Id], "CheckTypeAccess returned incorrect result");
}
/// <summary>
/// Gets the type of the field data.
/// </summary>
/// <param name="fieldEntityRef">The field entity preference.</param>
/// <returns>DatabaseType.</returns>
private static DatabaseType GetFieldDataType(EntityRef fieldEntityRef)
{
DatabaseType type = DatabaseType.UnknownType;
if (fieldEntityRef != null)
{
try
{
var field = Entity.Get <Field>(fieldEntityRef);
string readiNowType = string.Format("EDC.Database.Types.{0}, {1}", field.GetFieldType().ReadiNowType, typeof(DatabaseType).Assembly.FullName);
var typeType = Type.GetType(readiNowType);
if (typeType != null)
{
return(Activator.CreateInstance(typeType) as DatabaseType);
}
}
catch
{
type = DatabaseType.UnknownType;
}
}
return(type);
}
public IHttpActionResult GetDocoSettings()
{
using (new GlobalAdministratorContext())
{
var docoSettingEntity = EntityModel.Get <SystemDocumentationSettings>("core:systemDocumentationSettingsInstance");
if (docoSettingEntity == null)
{
return(Ok());
}
var passwordSecureId = docoSettingEntity.DocumentationUserPasswordSecureId;
var docoSettings = new DocoSettingsResult()
{
DocumentationUserName = docoSettingEntity.DocumentationUserName,
DocumentationUserPassword = passwordSecureId != null?Factory.SecuredData.Read(passwordSecureId.Value) : null,
DocumentationUrl = docoSettingEntity.DocumentationUrl,
ContactSupportUrl = docoSettingEntity.ContactSupportUrl,
ReleaseNotesUrl = docoSettingEntity.ReleaseNotesUrl,
NavHeaderDocumentationUrl = docoSettingEntity.NavHeaderDocumentationUrl
};
return(Ok(docoSettings));
}
}
public void Test_AddAllowReadQuery_NullReport()
{
using (DatabaseContext.GetContext(true))
{
Assert.That(() => new AccessRuleFactory().AddAllowReadQuery(Entity.Create <Subject>(), Entity.Create <SecurableEntity>(), null),
Throws.TypeOf <ArgumentNullException>().And.Property("ParamName").EqualTo("report"));
}
}
